Section A - Standards that Apply to All RFPs

Transcription

1 These standards provide general information regarding the services provided by the Information Technology branch, in the context of implementation projects. These standards are published, at minimum, bi-annually through consultation with subject matter experts. Respondents who have questions regarding these standards should engage the contact identified on the RFP they are responding to. Section A - Standards that Apply to All RFPs These standards apply, regardless of where the Solution may be hosted. 1. Project Management Methodology Project Lifecycle / Gating Process The Information Technology Branch uses a customized project management methodology which aligns with PMI standards. The Information Technology Branch utilizes the standard PMBOK Process Groups for the formal deliverables. These groups are: Initiating, Planning, Executing, Monitor & Controlling, and Closing. Mandatory deliverables are defined via a published Responsibility Matrix.. Implementation of any information technology to City of Edmonton staff normally must utilize this methodology for the IT-specific components of the Project, even if the primary purpose of your Project is not Information Technology. For all implementations, weekly status reports and monthly project logs must be submitted to the PMO utilizing in-house standard templates. Disaster Recovery Planning FOIP All projects must include a Disaster Recovery plan specific to the requirements of the business. This applies whether the solution is to be hosted by the City of Edmonton or by a third-party. All projects must include a Pre-PIE (Preliminary Privacy Impact Evaluation) and potentially a PIE (Privacy Impact Evaluation) which is approved by the Corporate FOIP office in the Office of the City Clerk. 2. Security & Risk Assurance General Solutions must use industry-standard (or better) security procedures and technologies. The level of security controls must be adequate given the risks and information managed by the application, and must be compatible with existing City of Edmonton security infrastructure. Installation, support, development and enhancements of solutions should be performed on-site. If this is not possible, then remote access will be provided by the City of Edmonton using one of our existing remote access solutions. Infrastructure All City-managed computers (server, desktop, laptop) require a Last Update: March 2, 2017 Page 1 of 9

2 working, properly configured anti-virus software that meets the City s standard anti-virus offerings. Solutions deployed to personal computing devices should not require Local Administrator to operate. Local connections to the City of Edmonton network must be done with City-managed devices. Direct connection of devices not managed by the Information Technology Branch to the City of Edmonton internal corporate network is not permitted. Remote access to the City of Edmonton network is limited to use of City of Edmonton approved and managed access solutions. Use of remote access includes granting the City of Edmonton permission to validate the security of the device being used to connect, including (but not limited to) anti-virus and operating system patch levels. Access is sometimes limited to City-managed devices, based on the access level that is necessary. Access sometimes requires the use of two-factor authentication. Internal Solutions The use of non-standard ports will require explicit City of Edmonton approval, including the use of compensatory packages to strengthen the level of security. Information stored locally on mobile computing devices must be protected by an appropriate data security solution, as determined by the City of Edmonton. Encryption of stored data requires City of Edmonton approval and must include key escrow procedures to ensure encryption keys are available when staff are absent. External Solutions Any secure internet site which the City of Edmonton is required to use as part of a solution must be signed with a valid and trusted SSL certificate. Self-signed SSL certificates are not accepted by the City of Edmonton as either valid or trusted. Any communication over a publicly accessible network that involves the transmission of City of Edmonton information must be adequately encrypted. Adequacy is subject to City of Edmonton approval. 3. Enterprise Solutions ERP Applications PeopleSoft HR POSSE SAP SAP Business Objects Spatial Land Inventory Management (SLIM) System Spatial Data & Rendering GeoMedia suite Oracle RDBMS with Oracle Spatial and Oracle Workspace Manager Drafting Bentley Microstation Last Update: March 2, 2017 Page 2 of 9

3 Bentley Maps 4. Desktop Software The applications detailed here are available on all standard desktop installations at the City of Edmonton. Standard operating system for desktops is Microsoft Windows bit. Productivity Software G Suite (Standard Mail and Calendar) G Suite (collaboration and productivity) Google Hangout Adobe Reader Adobe Flash Player Adobe Shockwave RightFax Note: Additional Microsoft Office Professional 2010 applications are available as complimentary productivity tools providing the appropriate business requirements Web Browsers Google Chrome Internet Explorer Ver 11 (exceptions available for alternative IE Versions) Anti-Virus Anti-Virus services are provided to all desktop and laptop installations. Software Fax Software-based FAX service is available on all desktop installations. 5. & Calendar & Calendar Video Streaming Google and Google Calendar are the primary and calendar service offerings. Exchange services are available for application integration use. Archival services are provided to all services. Filtering of , for spam and security purposes, is actively performed. Video streaming is provided through internally hosted streaming services and through web-hosted streaming services. The standard for streamed video format is H.264 MPEG Development Tools These standards only apply to solutions that the City of Edmonton will be directly supporting in a fashion that requires changes to implementation code. Application.NET C++ Java Last Update: March 2, 2017 Page 3 of 9

4 PERL Database Business Objects Enterprise XI Oracle Discoverer Oracle Enterprise Manager Oracle Forms Oracle JDeveloper Oracle Reports SQL Navigator SQL Plus SQL Developer TOAD Version Control Team Foundation Server/Team Foundation Services Web Development.NET Technology SAP NetWeaver Developer Studio 7. Open Source The following standards only apply to Open-Source respondents to RFPs. Product Roadmap The City of Edmonton encourages vendors to submit roadmaps for open source products as part of an RFP response to ensure we have an understanding of how the product s features will be changing over the near future. Product Support RFP responses that are suggesting the use of an open source product must contain elements that detail how adequate support for this product will be provided. Adequacy is determined by the City of Edmonton. 8. Web Application The following standards only apply to web applications or websites. Mobile Friendly Avoids software that is not common on mobile devices, like Flash Uses text that is readable without zooming Sizes content to the screen so users don't have to scroll horizontally or zoom Places links far enough apart so that the correct one can be easily tapped Encryption Protects web application with HTTPS, even if it doesn t handle sensitive communications 9. Public Facing Web Application The following standards only apply to web applications or websites that are public facing. Last Update: March 2, 2017 Page 4 of 9

5 Visual Identity, Colors and Fonts Must be able to follow the CoE Visual Identity Standards. Google Analytics Must be able to embed the Google Analytics to track the visiting traffic details. Section B - Standards that Apply to City Hosted Solutions These standards apply where the services or servers are to be located at a City of Edmonton datacenter. 1. Computing Facilities General Rack Sizes The City of Edmonton maintains three primary computing facilities. All solutions that are hosted by the City should be capable of being hosted from one of these three facilities and must conform to IEEE standards. All equipment that is to be hosted at a City of Edmonton computing facility must use a standard 19-inch rack size. 2. Networks Internal Network Internal wired network connections exist at all city facilities. Any product, device, or application requiring network access, or sending/receiving data across the city s network that does not meet CoE Server, operating system, hardware or software standards requires prior approval on a case by case basis. Remote Access Vendor remote access is offered by the City of Edmonton, if required. 3. Data Storage & Backup Data Storage The City of Edmonton maintains a fibre-channel data storage-area network, that is available to all solutions hosted at the City of Edmonton computing facilities. Mirroring between systems is available, if required, to enable higher availability of systems. Backups All corporate information is subject to regular backups. Backups also include off-site storage as part of the City of Edmonton s Disaster Recovery plans. 4. Telecommunications Last Update: March 2, 2017 Page 5 of 9

6 General Telecommunications services to the city s 400+ sites are provided through a combination of Centrex digital, analog telephone services and Voice over IP services. Any telecommunications device or application must utilize existing telecommunications infrastructure. The use of analog telephone services requires approval by the City of Edmonton. Voic Voic is provided by a combination of City owned systems devices and service contracts with providers. 5. Server Operating Systems There are two supported operating systems. Both operating systems are available to each class of server (see below). Windows Server 2012 R2 UNIX Specific Versioning is available upon request if appropriate Database Servers The UNIX operating system is the preferred environment for solutions that require high-availability. Virtualization The City of Edmonton uses virtualization technology within its server infrastructure. The use of virtual servers is strongly preferred for all Windows solutions. Higher requirements should utilize standalone physical server(s) with preference to blades, then rack mounted.. *1-4 vcpu to max of 12 vcpu 8-16 gigs RAM to a max of 64 gigs RAM 1 v NIC Network connection 100 GB of storage disk - includes 40 gb required for C: OS (extra charge required for more disk) Licensing Remote Access Antivirus Domain Environment Software licensing models must indicate what premium, if any, is charged for multicore processor configurations. The license models must also indicate how virtual environments impacts the costs and terms of the license. No remote access solutions may be installed directly on servers. Only the existing remote access solutions maintained, and approved, by the Information Technology Branch Network Operations Team may be used. All server installations include anti-virus services. The current version of Domain Controllers for Active Directory is Windows Server 2012 R2. Last Update: March 2, 2017 Page 6 of 9

7 Windows AD Test Environment A test domain is available which closely simulates the production environment. 6. Database Enterprise Environments The City of Edmonton supports two enterprise class database environments: Oracle - 12c. Microsoft SQL Server The use of other enterprise level database environments must be justified on an exception basis. Database Development The City of Edmonton provides limited development support for local and middle tier database applications. Technical support at this level is limited to the provisioning of the database platforms and does not extend to the support of end-user applications developed using these database solutions. Limited "best-effort" application support may be available in certain circumstances. Database Architecture The City of Edmonton supports the the sound Database Architecture principles, including the normalization of logical data to physical database Data Lifecycle The City of Edmonton requires the ability to manage application lifespan with archive and purge options. 7. Desktop Computing Devices Operating Systems There are two supported standard operating systems. Not all operating systems are available on all classes of devices. Windows bit Chrome OS Alternative platforms may be available as exceptions. Desktop Desktop computers run either supported operating system, as appropriate to their hardware. Last Update: March 2, 2017 Page 7 of 9

8 Laptops Laptop computers run either supported operating system, as appropriate to their hardware. Tablets Tablet computing devices are primarily ipad devices. 1. Internal Authentication General Active Directory is the authoritative source for all authentications within the City of Edmonton network, including employees and external affiliates. Single Sign-On It is desired that Internally hosted solutions have the capability to integrate with authentication services. Integration It is desired that internally hosted solutions be capable of integrating with Active Directory for the purpose of account provisioning and deprovisioning. On-demand integration with Active Directory, such as for authentication, should not be performed except through a City of Edmonton approved authentication source. Section C - Standards that Apply to Externally Hosted Solutions These standards apply where the services or servers are to be located at a location managed by a service provider. 1. External Authentication General All external solutions must provide application security, including role-based access control. Account IDs and passwords must be capable of being at minimum 10 character each. Single Sign-On It is desired that externally hosted solutions have the capability to integrate with authentication services. They should rely on existing standard authentication processes, such as SAML or OAUTH. Integration It is desired that externally hosted solutions be capable of integrating with Active Directory for the purpose of account provisioning and deprovisioning. On-demand integration with Active Directory, such as for authentication, should not be performed except through a City of Edmonton approved authentication source. 2. Business Continuity Last Update: March 2, 2017 Page 8 of 9

9 Disaster Recovery Plans All City of Edmonton solutions are required, as part of the Business Impact Assessment, to define Recovery Point Objectives and Recovery Time Objectives. Backups All data backups must be encrypted. All data backups must be either stored offsite or replicated to an alternate site. 3. Application Design & Configuration Design All applications must include an Entity Relationship Diagram. Configuration The application should allow customization and / or configuration to maintain City of Edmonton communications design guidelines regarding the visual look and feel of the application. The proponent of the application should describe how the application could be moved to a different platform or functionality transitioned to another application. 4. Integration Web Services The preferred method for accessing City data is web-services that use industry-standard protocols and message formats. The functionality of the application should be consumable via web services to enable as real-time integration, or as near to real-time as is reasonable. Data The City s data must be available to other City of Edmonton applications including business intelligence and statistical reporting tools. Unstructured data should reside in a content repository versus the application s database. Last Update: March 2, 2017 Page 9 of 9